From 6a1f488b5d01b4675dabe707328c7ce9e35e18e2 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:03:47 +0100 Subject: [PATCH 01/24] update ACR --- .../registries/deploy.bicep | 102 +++++++++++++++--- .../registries/readme.md | 31 ++++-- .../replications/.bicep/nested_cuaId.bicep | 1 + .../registries/replications/deploy.bicep | 53 +++++++++ .../registries/replications/readme.md | 50 +++++++++ .../registries/replications/version.json | 4 + 6 files changed, 218 insertions(+), 23 deletions(-) create mode 100644 arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep create mode 100644 arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep create mode 100644 arm/Microsoft.ContainerRegistry/registries/replications/readme.md create mode 100644 arm/Microsoft.ContainerRegistry/registries/replications/version.json diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 7de9a5cac0..241ee46f3d 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -18,32 +18,86 @@ param privateEndpoints array = [] @description('Optional. Tier of your Azure container registry.') @allowed([ 'Basic' - 'Standard' + 'Classic' 'Premium' + 'Standard' ]) param acrSku string = 'Basic' -@description('Optional. The value that indicates whether the policy is enabled or not.') -param quarantinePolicyStatus string = '' +@allowed([ + 'disabled' + 'enabled' +]) +@description('Optional. The value that indicates whether the export policy is enabled or not.') +param exportPolicyStatus string = 'disabled' + +@allowed([ + 'disabled' + 'enabled' +]) +@description('Optional. The value that indicates whether the quarantine policy is enabled or not.') +param quarantinePolicyStatus string = 'disabled' -@description('Optional. The value that indicates whether the policy is enabled or not.') -param trustPolicyStatus string = '' +@allowed([ + 'disabled' + 'enabled' +]) +@description('Optional. The value that indicates whether the trust policy is enabled or not.') +param trustPolicyStatus string = 'disabled' -@description('Optional. The value that indicates whether the policy is enabled or not.') -param retentionPolicyStatus string = '' +@allowed([ + 'disabled' + 'enabled' +]) +@description('Optional. The value that indicates whether the retention policy is enabled or not.') +param retentionPolicyStatus string = 'enabled' @description('Optional. The number of days to retain an untagged manifest after which it gets purged.') -param retentionPolicyDays string = '' +param retentionPolicyDays int = 15 + +@allowed([ + 'disabled' + 'enabled' +]) +@description('Optional. The value that indicates whether encryption is enabled or not.') +param encryptionStatus string = 'disabled' + +@description('Optional. Identity which will be used to access key vault and Key vault uri to access the encryption key.') +param keyVaultProperties object = {} @description('Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access.') param dataEndpointEnabled bool = false +@allowed([ + 'Disabled' + 'Enabled' +]) @description('Optional. Whether or not public network access is allowed for the container registry. - Enabled or Disabled') param publicNetworkAccess string = 'Enabled' @description('Optional. Whether to allow trusted Azure services to access a network restricted registry. Not relevant in case of public access. - AzureServices or None') param networkRuleBypassOptions string = 'AzureServices' +@allowed([ + 'Allow' + 'Deny' +]) +@description('Optional. The default action of allow or deny when no other rules match.') +param networkRuleSetDefaultAction string = 'Deny' + +@description('Optional. The IP ACL rules.') +param networkRuleSetIpRules array = [] + +@allowed([ + 'Disabled' + 'Enabled' +]) +@description('Optional. Whether or not zone redundancy is enabled for this container registry') +param zoneRedundancy string = 'Disabled' + +@description('Optional. All replications to create') +param replications array = [] + @allowed([ 'CanNotDelete' 'NotSpecified' @@ -140,25 +194,49 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { } properties: { adminUserEnabled: acrAdminUserEnabled + encryption: { + keyVaultProperties: keyVaultProperties + status: encryptionStatus + } policies: { + exportPolicy: { + status: exportPolicyStatus + } quarantinePolicy: { - status: (empty(quarantinePolicyStatus) ? null : quarantinePolicyStatus) + status: quarantinePolicyStatus } trustPolicy: { type: 'Notary' - status: (empty(trustPolicyStatus) ? null : trustPolicyStatus) + status: trustPolicyStatus } retentionPolicy: { - days: (empty(retentionPolicyDays) ? null : int(retentionPolicyDays)) - status: (empty(retentionPolicyStatus) ? null : retentionPolicyStatus) + days: retentionPolicyDays + status: retentionPolicyStatus } } dataEndpointEnabled: dataEndpointEnabled publicNetworkAccess: publicNetworkAccess networkRuleBypassOptions: networkRuleBypassOptions + networkRuleSet: { + defaultAction: networkRuleSetDefaultAction + ipRules: networkRuleSetIpRules + } + zoneRedundancy: zoneRedundancy } } +module registry_replications 'replications/deploy.bicep' = [for (replication, index) in replications: { + name: '${uniqueString(deployment().name, location)}-Registry-Replication-${index}' + params: { + name: replication.name + registryName: registry.name + location: location + regionEndpointEnabled: contains(replication, 'regionEndpointEnabled') ? replication.regionEndpointEnabled : false + zoneRedundancy: contains(replication, 'zoneRedundancy') ? replication.zoneRedundancy : 'Disabled' + tags: contains(replication, 'tags') ? replication.tags : {} + } +}] + resource registry_lock 'Microsoft.Authorization/locks@2017-04-01' = if (lock != 'NotSpecified') { name: '${registry.name}-${lock}-lock' properties: { diff --git a/arm/Microsoft.ContainerRegistry/registries/readme.md b/arm/Microsoft.ContainerRegistry/registries/readme.md index 65d628a2c7..e7b512e5a6 100644 --- a/arm/Microsoft.ContainerRegistry/registries/readme.md +++ b/arm/Microsoft.ContainerRegistry/registries/readme.md @@ -9,39 +9,47 @@ Azure Container Registry is a managed, private Docker registry service based on | `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerRegistry/registries` | 2021-09-01 | +| `Microsoft.ContainerRegistry/registries/replications` | 2021-09-01 | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | -| `Microsoft.Network/privateEndpoints` | 2021-02-01 | +| `Microsoft.Network/privateEndpoints` | 2021-05-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-02-01 | ## Parameters | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `acrAdminUserEnabled` | bool | | | Optional. Enable admin user that have push / pull permission to the registry. | -| `acrSku` | string | `Basic` | `[Basic, Standard, Premium]` | Optional. Tier of your Azure container registry. | +| `acrAdminUserEnabled` | bool | `False` | | Optional. Enable admin user that have push / pull permission to the registry. | +| `acrSku` | string | `Basic` | `[Basic, Classic, Premium, Standard]` | Optional. Tier of your Azure container registry. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | -| `dataEndpointEnabled` | bool | | | Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. | +| `dataEndpointEnabled` | bool | `False` | | Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. | | `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | | | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | | | Optional. Resource ID of the diagnostic log analytics workspace. | +| `encryptionStatus` | string | `disabled` | `[disabled, enabled]` | Optional. The value that indicates whether encryption is enabled or not. | +| `exportPolicyStatus` | string | `disabled` | `[disabled, enabled]` | Optional. The value that indicates whether the export policy is enabled or not. | +| `keyVaultProperties` | object | `{object}` | | Optional. Identity which will be used to access key vault and Key vault uri to access the encryption key. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `logsToEnable` | array | `[ContainerRegistryRepositoryEvents, ContainerRegistryLoginEvents]` | `[ContainerRegistryRepositoryEvents, ContainerRegistryLoginEvents]` | Optional. The name of logs that will be streamed. | | `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. Name of your Azure container registry | | `networkRuleBypassOptions` | string | `AzureServices` | | Optional. Whether to allow trusted Azure services to access a network restricted registry. Not relevant in case of public access. - AzureServices or None | +| `networkRuleSetDefaultAction` | string | `Deny` | `[Allow, Deny]` | Optional. The default action of allow or deny when no other rules match. | +| `networkRuleSetIpRules` | array | `[]` | | Optional. The IP ACL rules. | | `privateEndpoints` | array | `[]` | | Optional. Configuration Details for private endpoints. | -| `publicNetworkAccess` | string | `Enabled` | | Optional. Whether or not public network access is allowed for the container registry. - Enabled or Disabled | -| `quarantinePolicyStatus` | string | | | Optional. The value that indicates whether the policy is enabled or not. | -| `retentionPolicyDays` | string | | | Optional. The number of days to retain an untagged manifest after which it gets purged. | -| `retentionPolicyStatus` | string | | | Optional. The value that indicates whether the policy is enabled or not. | +| `publicNetworkAccess` | string | `Enabled` | `[Disabled, Enabled]` | Optional. Whether or not public network access is allowed for the container registry. - Enabled or Disabled | +| `quarantinePolicyStatus` | string | `disabled` | `[disabled, enabled]` | Optional. The value that indicates whether the quarantine policy is enabled or not. | +| `replications` | _[replications](replications/readme.md)_ array | `[]` | | Optional. All replications to create | +| `retentionPolicyDays` | int | `15` | | Optional. The number of days to retain an untagged manifest after which it gets purged. | +| `retentionPolicyStatus` | string | `enabled` | `[disabled, enabled]` | Optional. The value that indicates whether the retention policy is enabled or not. | | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' | -| `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. | +| `systemAssignedIdentity` | bool | `False` | | Optional. Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | -| `trustPolicyStatus` | string | | | Optional. The value that indicates whether the policy is enabled or not. | +| `trustPolicyStatus` | string | `disabled` | `[disabled, enabled]` | Optional. The value that indicates whether the trust policy is enabled or not. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | +| `zoneRedundancy` | string | `Disabled` | `[Disabled, Enabled]` | Optional. Whether or not zone redundancy is enabled for this container registry | ### Parameter Usage: `roleAssignments` @@ -160,7 +168,8 @@ You can specify multiple user assigned identities to a resource by providing add - [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) -- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints) +- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Registries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries) +- [Registries/Replications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries/replications) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/arm/Microsoft.ContainerRegistry/registries/replications/.bicep/nested_cuaId.bicep @@ -0,0 +1 @@ + diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep new file mode 100644 index 0000000000..f5a2e78a2c --- /dev/null +++ b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep @@ -0,0 +1,53 @@ +@description('Required. The name of the registry.') +param registryName string + +@description('Required. The name of the replication.') +param name string + +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + +@description('Optional. Tags of the resource.') +param tags object = {} + +@description('Optional. Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications.') +param regionEndpointEnabled bool = false + +@allowed([ + 'Disabled' + 'Enabled' +]) +@description('Optional. Whether or not zone redundancy is enabled for this container registry') +param zoneRedundancy string = 'Disabled' + +@description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') +param cuaId string = '' + +module pid_cuaId './.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { + name: 'pid-${cuaId}' + params: {} +} + +resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = { + name: registryName +} + +resource replication 'Microsoft.ContainerRegistry/registries/replications@2021-09-01' = { + name: name + parent: registry + location: location + tags: tags + properties: { + regionEndpointEnabled: regionEndpointEnabled + zoneRedundancy: zoneRedundancy + } +} + +@description('The name of the replication.') +output name string = replication.name + +@description('The resource ID of the replication.') +output resourceId string = replication.id + +@description('The name of the resource group the replication was created in.') +output resourceGroupName string = resourceGroup().name diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/readme.md b/arm/Microsoft.ContainerRegistry/registries/replications/readme.md new file mode 100644 index 0000000000..3f28cc23c1 --- /dev/null +++ b/arm/Microsoft.ContainerRegistry/registries/replications/readme.md @@ -0,0 +1,50 @@ +# ContainerRegistry Registries Replications `[Microsoft.ContainerRegistry/registries/replications]` + +This module deploys ContainerRegistry Registries Replications. + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.ContainerRegistry/registries/replications` | 2021-09-01 | + +## Parameters + +| Parameter Name | Type | Default Value | Possible Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | +| `name` | string | | | Required. The name of the replication. | +| `regionEndpointEnabled` | bool | `False` | | Optional. Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. | +| `registryName` | string | | | Required. The name of the registry. | +| `tags` | object | `{object}` | | Optional. Tags of the resource. | +| `zoneRedundancy` | string | `Disabled` | `[Disabled, Enabled]` | Optional. Whether or not zone redundancy is enabled for this container registry | + +### Parameter Usage: `tags` + +Tag names and tag values can be provided as needed. A tag can be left without a value. + +```json +"tags": { + "value": { + "Environment": "Non-Prod", + "Contact": "test.user@testcompany.com", + "PurchaseOrder": "1234", + "CostCenter": "7890", + "ServiceName": "DeploymentValidation", + "Role": "DeploymentValidation" + } +} +``` + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the replication. | +| `resourceGroupName` | string | The name of the resource group the replication was created in. | +| `resourceId` | string | The resource ID of the replication. | + +## Template references + +- [Registries/Replications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries/replications) diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/version.json b/arm/Microsoft.ContainerRegistry/registries/replications/version.json new file mode 100644 index 0000000000..56f8d9ca40 --- /dev/null +++ b/arm/Microsoft.ContainerRegistry/registries/replications/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.4" +} From d19dbed1e73b414a2caf62a64390949ee6962a1f Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:07:17 +0100 Subject: [PATCH 02/24] test replications --- .../registries/.parameters/parameters.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 0b7604f9da..08b504bdf6 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -8,6 +8,14 @@ "acrAdminUserEnabled": { "value": false }, + "replications": { + "value": [ + { + "name": "North Europe", + "location": "northeurope" + } + ] + }, "roleAssignments": { "value": [ { From a00894c6ab5af74f64c8a78281005c0f8b5affc6 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:18:11 +0100 Subject: [PATCH 03/24] fix --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 241ee46f3d..57cb983ce8 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -195,7 +195,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { properties: { adminUserEnabled: acrAdminUserEnabled encryption: { - keyVaultProperties: keyVaultProperties + keyVaultProperties: !empty(keyVaultProperties) ? keyVaultProperties : null status: encryptionStatus } policies: { From 14ca98d722af6ce17fcb3a77125149c2cbec1bce Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:20:47 +0100 Subject: [PATCH 04/24] add description --- arm/Microsoft.ContainerRegistry/registries/readme.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arm/Microsoft.ContainerRegistry/registries/readme.md b/arm/Microsoft.ContainerRegistry/registries/readme.md index e7b512e5a6..0dda5796f3 100644 --- a/arm/Microsoft.ContainerRegistry/registries/readme.md +++ b/arm/Microsoft.ContainerRegistry/registries/readme.md @@ -51,6 +51,17 @@ Azure Container Registry is a managed, private Docker registry service based on | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `zoneRedundancy` | string | `Disabled` | `[Disabled, Enabled]` | Optional. Whether or not zone redundancy is enabled for this container registry | +### Parameter Usage: `keyVaultProperties` + +```json +"keyVaultProperties": { + "value": { + "identity": "string", // The client id of the identity which will be used to access key vault. + "keyIdentifier": "string" // Key vault uri to access the encryption key. + } +} +``` + ### Parameter Usage: `roleAssignments` ```json From 4c08f798ff68297fe440388c46040156c7b3ffa1 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:30:06 +0100 Subject: [PATCH 05/24] fix --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 57cb983ce8..e5c74b57bc 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -217,10 +217,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { dataEndpointEnabled: dataEndpointEnabled publicNetworkAccess: publicNetworkAccess networkRuleBypassOptions: networkRuleBypassOptions - networkRuleSet: { + networkRuleSet: !empty(networkRuleSetIpRules) ? { defaultAction: networkRuleSetDefaultAction ipRules: networkRuleSetIpRules - } + } : null zoneRedundancy: zoneRedundancy } } From e9e8f6c07a34b88938d7ffa4e427aa78c46d9224 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:42:47 +0100 Subject: [PATCH 06/24] add paramter --- .../registries/.parameters/parameters.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 08b504bdf6..4c6e3dfb0d 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -8,6 +8,9 @@ "acrAdminUserEnabled": { "value": false }, + "acrSku": { + "value": "Standard" + }, "replications": { "value": [ { From b72664f7f9137e0a98e377c50b7ec784148b2396 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:47:15 +0100 Subject: [PATCH 07/24] test --- .../registries/.parameters/parameters.json | 2 +- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 4c6e3dfb0d..29e6041d81 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -9,7 +9,7 @@ "value": false }, "acrSku": { - "value": "Standard" + "value": "Premium" }, "replications": { "value": [ diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index e5c74b57bc..11fa5363f0 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -22,7 +22,7 @@ param privateEndpoints array = [] 'Premium' 'Standard' ]) -param acrSku string = 'Basic' +param acrSku string = 'Standard' @allowed([ 'disabled' From 288486c3ab8fadf3dc89280b21dd94dc08c51394 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 11:57:39 +0100 Subject: [PATCH 08/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 3 +-- .../registries/replications/deploy.bicep | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 11fa5363f0..8ee98d6766 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -18,11 +18,10 @@ param privateEndpoints array = [] @description('Optional. Tier of your Azure container registry.') @allowed([ 'Basic' - 'Classic' 'Premium' 'Standard' ]) -param acrSku string = 'Standard' +param acrSku string = 'Basic' @allowed([ 'disabled' diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep index f5a2e78a2c..c58eac24a4 100644 --- a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep @@ -11,7 +11,7 @@ param location string = resourceGroup().location param tags object = {} @description('Optional. Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications.') -param regionEndpointEnabled bool = false +param regionEndpointEnabled bool = true @allowed([ 'Disabled' From cb503c376688a217912f4c4b86650a427fc06dcf Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 12:10:36 +0100 Subject: [PATCH 09/24] fix --- .../registries/.parameters/parameters.json | 3 +++ arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 29e6041d81..daf51c2a34 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -11,6 +11,9 @@ "acrSku": { "value": "Premium" }, + "exportPolicyStatus": { + "value": "enabled" + }, "replications": { "value": [ { diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 8ee98d6766..344a7b931a 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -198,9 +198,9 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { status: encryptionStatus } policies: { - exportPolicy: { + exportPolicy: acrSku == 'Premium' ? { status: exportPolicyStatus - } + } : null quarantinePolicy: { status: quarantinePolicyStatus } From 4c84e4dfc4234d2792c5a0dc7958cf733f2b7d85 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 12:28:40 +0100 Subject: [PATCH 10/24] fix --- .../registries/.parameters/parameters.json | 2 +- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index daf51c2a34..019af37a8a 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -17,7 +17,7 @@ "replications": { "value": [ { - "name": "North Europe", + "name": "northeurope", "location": "northeurope" } ] diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 344a7b931a..81213fd075 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -220,7 +220,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { defaultAction: networkRuleSetDefaultAction ipRules: networkRuleSetIpRules } : null - zoneRedundancy: zoneRedundancy + zoneRedundancy: acrSku == 'Premium' ? zoneRedundancy : null } } From 0a1b83177fb88b16010d5a26443f9f69ec952ac5 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 12:40:33 +0100 Subject: [PATCH 11/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 81213fd075..e49cc389a3 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -193,10 +193,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { } properties: { adminUserEnabled: acrAdminUserEnabled - encryption: { + encryption: acrSku == 'Premium' ? { keyVaultProperties: !empty(keyVaultProperties) ? keyVaultProperties : null status: encryptionStatus - } + } : null policies: { exportPolicy: acrSku == 'Premium' ? { status: exportPolicyStatus From b8f64cfc768c3ebb71b5c480a31770ff01e5f97e Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 12:46:00 +0100 Subject: [PATCH 12/24] test --- .../registries/.parameters/parameters.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 019af37a8a..701c7016d5 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -17,8 +17,8 @@ "replications": { "value": [ { - "name": "northeurope", - "location": "northeurope" + "name": "germanynorth", + "location": "germanynorth" } ] }, From 423edfafbdaba5f942be67f5f55b346154fa6d22 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 13:00:45 +0100 Subject: [PATCH 13/24] test --- .../registries/.parameters/parameters.json | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 701c7016d5..3bbd71e954 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -17,8 +17,12 @@ "replications": { "value": [ { - "name": "germanynorth", - "location": "germanynorth" + "name": "northeurope", + "location": "northeurope" + }, + { + "name": "westeurope", + "location": "westeurope" } ] }, From 5aa8ed360d3075759e850e267295b7aa84d572a1 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 14:12:06 +0100 Subject: [PATCH 14/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index e49cc389a3..15dfeaabde 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -193,10 +193,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { } properties: { adminUserEnabled: acrAdminUserEnabled - encryption: acrSku == 'Premium' ? { - keyVaultProperties: !empty(keyVaultProperties) ? keyVaultProperties : null - status: encryptionStatus - } : null + // encryption: acrSku == 'Premium' ? { + // keyVaultProperties: !empty(keyVaultProperties) ? keyVaultProperties : null + // status: encryptionStatus + // } : null policies: { exportPolicy: acrSku == 'Premium' ? { status: exportPolicyStatus From 452afe2e000f25c9f321e0311f3cccf906709efe Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 15:00:45 +0100 Subject: [PATCH 15/24] test --- .../registries/.parameters/parameters.json | 4 ---- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 6 +++--- .../registries/replications/deploy.bicep | 8 ++++---- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 3bbd71e954..019af37a8a 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -19,10 +19,6 @@ { "name": "northeurope", "location": "northeurope" - }, - { - "name": "westeurope", - "location": "westeurope" } ] }, diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 15dfeaabde..c133ccfd51 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -198,9 +198,9 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { // status: encryptionStatus // } : null policies: { - exportPolicy: acrSku == 'Premium' ? { - status: exportPolicyStatus - } : null + // exportPolicy: acrSku == 'Premium' ? { + // status: exportPolicyStatus + // } : null quarantinePolicy: { status: quarantinePolicyStatus } diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep index c58eac24a4..6c02fa1193 100644 --- a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep @@ -37,10 +37,10 @@ resource replication 'Microsoft.ContainerRegistry/registries/replications@2021-0 parent: registry location: location tags: tags - properties: { - regionEndpointEnabled: regionEndpointEnabled - zoneRedundancy: zoneRedundancy - } + // properties: { + // regionEndpointEnabled: regionEndpointEnabled + // zoneRedundancy: zoneRedundancy + // } } @description('The name of the replication.') From 89ff5fdbb6c8a2e40820ec65379e6c85fd68eb96 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 15:45:54 +0100 Subject: [PATCH 16/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index c133ccfd51..3abbce1fb8 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -216,10 +216,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { dataEndpointEnabled: dataEndpointEnabled publicNetworkAccess: publicNetworkAccess networkRuleBypassOptions: networkRuleBypassOptions - networkRuleSet: !empty(networkRuleSetIpRules) ? { - defaultAction: networkRuleSetDefaultAction - ipRules: networkRuleSetIpRules - } : null + // networkRuleSet: !empty(networkRuleSetIpRules) ? { + // defaultAction: networkRuleSetDefaultAction + // ipRules: networkRuleSetIpRules + // } : null zoneRedundancy: acrSku == 'Premium' ? zoneRedundancy : null } } From 32ea95e5541acd88bbac98b6211aca77c2180353 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 15:58:50 +0100 Subject: [PATCH 17/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 3abbce1fb8..764e77d1a4 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -220,7 +220,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { // defaultAction: networkRuleSetDefaultAction // ipRules: networkRuleSetIpRules // } : null - zoneRedundancy: acrSku == 'Premium' ? zoneRedundancy : null + // zoneRedundancy: acrSku == 'Premium' ? zoneRedundancy : null } } From 9f3a7b835e96f89579c74b8887aaddb47001fb5c Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 16:20:10 +0100 Subject: [PATCH 18/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 764e77d1a4..3aeda0b341 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -208,10 +208,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { type: 'Notary' status: trustPolicyStatus } - retentionPolicy: { - days: retentionPolicyDays - status: retentionPolicyStatus - } + // retentionPolicy: { + // days: retentionPolicyDays + // status: retentionPolicyStatus + // } } dataEndpointEnabled: dataEndpointEnabled publicNetworkAccess: publicNetworkAccess From c8ec071889970d76467bdce070917dc5afd84bbb Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 16:36:00 +0100 Subject: [PATCH 19/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 3aeda0b341..10e7a32ef4 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -208,10 +208,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { type: 'Notary' status: trustPolicyStatus } - // retentionPolicy: { - // days: retentionPolicyDays - // status: retentionPolicyStatus - // } + retentionPolicy: acrSku == 'Premium' ? { + days: retentionPolicyDays + status: retentionPolicyStatus + } : null } dataEndpointEnabled: dataEndpointEnabled publicNetworkAccess: publicNetworkAccess From 132cc72bc9600d477d59b87cc77d0a38671a5928 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 16:37:11 +0100 Subject: [PATCH 20/24] test --- .../registries/replications/deploy.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep index 6c02fa1193..c58eac24a4 100644 --- a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep @@ -37,10 +37,10 @@ resource replication 'Microsoft.ContainerRegistry/registries/replications@2021-0 parent: registry location: location tags: tags - // properties: { - // regionEndpointEnabled: regionEndpointEnabled - // zoneRedundancy: zoneRedundancy - // } + properties: { + regionEndpointEnabled: regionEndpointEnabled + zoneRedundancy: zoneRedundancy + } } @description('The name of the replication.') From 7ebfa65eb285bb1d5077e4a3fd63ef41ee2514b5 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Fri, 4 Mar 2022 16:52:27 +0100 Subject: [PATCH 21/24] test --- .../registries/deploy.bicep | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 10e7a32ef4..071de0c804 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -193,14 +193,14 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { } properties: { adminUserEnabled: acrAdminUserEnabled - // encryption: acrSku == 'Premium' ? { - // keyVaultProperties: !empty(keyVaultProperties) ? keyVaultProperties : null - // status: encryptionStatus - // } : null + encryption: acrSku == 'Premium' ? { + keyVaultProperties: !empty(keyVaultProperties) ? keyVaultProperties : null + status: encryptionStatus + } : null policies: { - // exportPolicy: acrSku == 'Premium' ? { - // status: exportPolicyStatus - // } : null + exportPolicy: acrSku == 'Premium' ? { + status: exportPolicyStatus + } : null quarantinePolicy: { status: quarantinePolicyStatus } @@ -216,11 +216,11 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { dataEndpointEnabled: dataEndpointEnabled publicNetworkAccess: publicNetworkAccess networkRuleBypassOptions: networkRuleBypassOptions - // networkRuleSet: !empty(networkRuleSetIpRules) ? { - // defaultAction: networkRuleSetDefaultAction - // ipRules: networkRuleSetIpRules - // } : null - // zoneRedundancy: acrSku == 'Premium' ? zoneRedundancy : null + networkRuleSet: !empty(networkRuleSetIpRules) ? { + defaultAction: networkRuleSetDefaultAction + ipRules: networkRuleSetIpRules + } : null + zoneRedundancy: acrSku == 'Premium' ? zoneRedundancy : null } } From b416e285d88346430c227bd59fcf521c59358af1 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Mon, 7 Mar 2022 09:19:02 +0100 Subject: [PATCH 22/24] test --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 2 +- arm/Microsoft.ContainerRegistry/registries/readme.md | 6 +++--- .../registries/replications/deploy.bicep | 2 +- .../registries/replications/readme.md | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index 071de0c804..b7b4a22a20 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -230,7 +230,7 @@ module registry_replications 'replications/deploy.bicep' = [for (replication, in name: replication.name registryName: registry.name location: location - regionEndpointEnabled: contains(replication, 'regionEndpointEnabled') ? replication.regionEndpointEnabled : false + regionEndpointEnabled: contains(replication, 'regionEndpointEnabled') ? replication.regionEndpointEnabled : true zoneRedundancy: contains(replication, 'zoneRedundancy') ? replication.zoneRedundancy : 'Disabled' tags: contains(replication, 'tags') ? replication.tags : {} } diff --git a/arm/Microsoft.ContainerRegistry/registries/readme.md b/arm/Microsoft.ContainerRegistry/registries/readme.md index 0dda5796f3..e6f4de55c9 100644 --- a/arm/Microsoft.ContainerRegistry/registries/readme.md +++ b/arm/Microsoft.ContainerRegistry/registries/readme.md @@ -9,7 +9,7 @@ Azure Container Registry is a managed, private Docker registry service based on | `Microsoft.Authorization/locks` | 2017-04-01 | | `Microsoft.Authorization/roleAssignments` | 2021-04-01-preview | | `Microsoft.ContainerRegistry/registries` | 2021-09-01 | -| `Microsoft.ContainerRegistry/registries/replications` | 2021-09-01 | +| `Microsoft.ContainerRegistry/registries/replications` | 2021-12-01-preview | | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-02-01 | @@ -19,7 +19,7 @@ Azure Container Registry is a managed, private Docker registry service based on | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `acrAdminUserEnabled` | bool | `False` | | Optional. Enable admin user that have push / pull permission to the registry. | -| `acrSku` | string | `Basic` | `[Basic, Classic, Premium, Standard]` | Optional. Tier of your Azure container registry. | +| `acrSku` | string | `Basic` | `[Basic, Premium, Standard]` | Optional. Tier of your Azure container registry. | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `dataEndpointEnabled` | bool | `False` | | Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. | | `diagnosticEventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | @@ -182,5 +182,5 @@ You can specify multiple user assigned identities to a resource by providing add - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Registries](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries) -- [Registries/Replications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries/replications) +- [Registries/Replications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/replications) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep index c58eac24a4..6f20793a4e 100644 --- a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep @@ -32,7 +32,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = name: registryName } -resource replication 'Microsoft.ContainerRegistry/registries/replications@2021-09-01' = { +resource replication 'Microsoft.ContainerRegistry/registries/replications@2021-12-01-preview' = { name: name parent: registry location: location diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/readme.md b/arm/Microsoft.ContainerRegistry/registries/replications/readme.md index 3f28cc23c1..5fc994b14a 100644 --- a/arm/Microsoft.ContainerRegistry/registries/replications/readme.md +++ b/arm/Microsoft.ContainerRegistry/registries/replications/readme.md @@ -6,7 +6,7 @@ This module deploys ContainerRegistry Registries Replications. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ContainerRegistry/registries/replications` | 2021-09-01 | +| `Microsoft.ContainerRegistry/registries/replications` | 2021-12-01-preview | ## Parameters @@ -15,7 +15,7 @@ This module deploys ContainerRegistry Registries Replications. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `name` | string | | | Required. The name of the replication. | -| `regionEndpointEnabled` | bool | `False` | | Optional. Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. | +| `regionEndpointEnabled` | bool | `True` | | Optional. Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. | | `registryName` | string | | | Required. The name of the registry. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `zoneRedundancy` | string | `Disabled` | `[Disabled, Enabled]` | Optional. Whether or not zone redundancy is enabled for this container registry | @@ -47,4 +47,4 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references -- [Registries/Replications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries/replications) +- [Registries/Replications](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/replications) From e79e030f923b24c461ce9d3943eca0074783a91b Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Mon, 7 Mar 2022 09:43:21 +0100 Subject: [PATCH 23/24] fix --- arm/Microsoft.ContainerRegistry/registries/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep index b7b4a22a20..d5e398d254 100644 --- a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep @@ -229,7 +229,7 @@ module registry_replications 'replications/deploy.bicep' = [for (replication, in params: { name: replication.name registryName: registry.name - location: location + location: replication.location regionEndpointEnabled: contains(replication, 'regionEndpointEnabled') ? replication.regionEndpointEnabled : true zoneRedundancy: contains(replication, 'zoneRedundancy') ? replication.zoneRedundancy : 'Disabled' tags: contains(replication, 'tags') ? replication.tags : {} From d7d28f8bca21ff5544a4c45f8fc266c9335d47a8 Mon Sep 17 00:00:00 2001 From: Rainer Halanek Date: Mon, 7 Mar 2022 14:06:52 +0100 Subject: [PATCH 24/24] test --- .../registries/.parameters/parameters.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json index 019af37a8a..1601d99964 100644 --- a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json +++ b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json @@ -14,6 +14,12 @@ "exportPolicyStatus": { "value": "enabled" }, + "quarantinePolicyStatus": { + "value": "enabled" + }, + "trustPolicyStatus": { + "value": "enabled" + }, "replications": { "value": [ {